Last week’s blog continued the dialogue on cybersecurity awareness with a focused discussion on cybersecurity defense. This week, the focus is on the practical implementation of Cyber Risk Management (CRM) onboard commercial vessels.
Cyber attacks on critical infrastructure are a growing concern for many organizations across the globe. The Marine Transportation System is no different and has been a target of attacks, with recent network breaches, data thefts, and denial-of-service attacks. Exploited vulnerabilities can vary from the basic, such as the lack of passwords or use of default-only passwords, to configuration issues and software flaws. To achieve the level of protection and resilience needed for critical control system networks, security needs to mature from a piecemeal collection of technologies to effective cyber security governance. This includes the ability to detect abnormal behavior and prevent attacks while providing the organization with meaningful forensics to investigate breaches when they occur.
During last week’s cybersecurity awareness discussion, we addressed the importance of instilling a cyber security governance framework within your organization to better identify and mitigate cyber risk. We stated that a cornerstone of cyber security governance is building resilience. Considering the increased trend of cyber breaches and attacks, it is no surprise that companies are heavily focused on enhancing their resiliency posture. No amount of planning or investment can make an organization’s cyber defenses completely secure, but developing a vigorous resiliency plan may prevent outages of critical systems and functions caused by cyber incidents or unexpected failures of IT/OT systems. Read the full post to learn more!
Security governance is not an unfamiliar term within industry. Security risks have always been managed under various layers of oversight, and cyber governance is simply an extension of the risk evaluation process. Cybersecurity governance is a conceptual framework, with a practical methodology, which an organization can use to define and implement its strategy for addressing threats and vulnerabilities related to its cyber-dependent systems.
October is nationally recognized as Cyber Security Awareness Month, and there is no better time to discuss the importance of cybersecurity and the Coast Guard’s role in cyber risk management.